Due To Smart Contract Problem, The AkuDreams Development Team Has Locked Up $33 Million
Over 11,500 Ethereum (ETH) AkuDreams worth approximately $33 million was locked permanently under a smart contract, unreachable even to the development team, in the highly anticipated NFT project Akutars AkuDreams over the weekend due to both an exploit and a glitch.
The exploit, on the other hand, was carried out by someone attempting to expose a flaw in the project rather than to steal funds through a hack.
On Friday, April 22, the project went live with a Dutch Auction, a sort of auction in which the price drops until a bid is received, with the first bidder winning the sale as long as the price is over the reserve.
The auction opened at 3.5 Ethereum with only 5,495 of the available 15,000 NFTs up for sale and the smart contract set to refund any bidders who were underbid. Holders of an “Aku Mint Pass” were also given a 0.5 Ethereum discount on each minted NFT.
The $33M Bug AkuDreams
In a April 23 Twitter thread explaining the whopping $33 million bug, 0xInuarashi, a developer of multiple NFT projects explained Akutars’ smart contract was coded so that refunds to bidders had to be processed first before the team could withdraw any funds.
The contract had a caveat that a minimum number of bids had to be made before it would allow for the team to withdraw, but the minimum number of bids was set to equal the amount of NFTs available for auction.
Unfortunately, due to some buyers minting multiple NFTs within the same bid, the terms of the contract mean it will never unlock, sealing away the nearly $33 million in Ethereum forever.
The exploit
In a now deleted tweet posted by the Akutars that was shared by DeFi developer foobar, it said that developers reached out to them warning that their contract could be exploited but appeared to shrug them off completely as they labelled the potential exploit a “feature”.
During the mint an unknown individual executed what’s known as a “griefing contract” which locked the ability of the Akutars contract to process refunds to those underbid. The individual even embedded a message on the blockchain to the Akutars team saying they would stop the contract:
“Well, this was fun, had no intention of actually exploiting this lol. Otherwise I wouldn’t have used Coinbase. Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.”
Akutars then promptly responded by taking responsibility for the code and suggested that the exploit “was not done out of malice” and the person “intended to bring attention to best practices for highly visible projects.”
In a tweet on the same day, the project’s founder and former pro-baseballer Micah Johnson offered an apology to the community, noting that after letting them down he will “continue to build brick by brick” and work tirelessly to avoid any similar issues moving forward.
The team also said that it will be issuing 0.5 Ethereum refunds to pass holders as well as airdropping the NFT to successful bidders.
In an update posted on Sunday April 24 the team said it had rewritten its minting contract which was then audited by several developers and plans to mint on Monday April 25.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews
Follow CoinCu Youtube Channel | Follow CoinCu Facebook page
Annie
CoinCu News